jeste restartovao mi je i uklonjeno je sve sto je nasao! evo log karte...
Malwarebytes' Anti-Malware 1.30
Verzija baze podataka: 1390
Windows 5.1.2600 Service Pack 3
11/12/2008 11:33:01 PM
mbam-log-2008-11-12 (23-33-00).txt
Tip skeniranja: Brzo Skeniranje
Skeniranih objekata: 49217
Proteklo vreme: 12 minute(s), 3 second(s)
Inficirani procesi u memoriji: 0
Inficirani moduli u memoriji: 2
Inficirani ključevi u registru: 34
Inficirane vrednosti u registru: 7
Inficirani podaci u registru: 2
Inficirane fascikle: 7
Inficirane datoteke: 38
Inficirani procesi u memoriji:
(Maliciozne stavke nisu detektovane)
Inficirani moduli u memoriji:
C:\Program Files\MySearch\bar\2.bin\S4BAR.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MySearch\bar\2.bin\S4PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.
Inficirani ključevi u registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2adb537-aff6-4d72-ba77-da012a6fdea6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifedeby (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b2adb537-aff6-4d72-ba77-da012a6fdea6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mysearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{014da6c0-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{014da6ca-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{014da6cc-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014da6cb-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{014da6cb-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fac94900-96d9-47fa-ba33-7ef1bbfbbcec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mysearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbarbesttoolbarstoolbar.besttoolbarstoolbarobject (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b2adb537-aff6-4d72-ba77-da012a6fdea6} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access (Adware.InstantAccess) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Search Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Inficirane vrednosti u registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{12f02779-6d88-4958-8ad3-83c12d86adc7} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{12f02779-6d88-4958-8ad3-83c12d86adc7} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{12f02779-6d88-4958-8ad3-83c12d86adc7} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{b2adb537-aff6-4d72-ba77-da012a6fdea6} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Instant Access (Adware.InstantAccess) -> Quarantined and deleted successfully.
Inficirani podaci u registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Inficirane fascikle:
C:\Program Files\MySearch (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MySearch\bar (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MySearch\bar\2.bin (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MySearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\xp profesional\Local Settings\Temp\ac8zt2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Inficirane datoteke:
C:\WINDOWS\system32\iifedebY.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qxyyfvat.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tavfyyxq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\2.bin\S4BAR.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Documents and Settings\xp profesional\Local Settings\Temp\nsnBA.tmp\blowfish_d.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\xp profesional\Local Settings\Temp\nslB3.tmp\blowfish_d.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\xp profesional\Local Settings\Temp\nsmDC.tmp\blowfish_d.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\xp profesional\Local Settings\Temp\nsmE3.tmp\blowfish_d.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\xp profesional\Local Settings\Temp\nsmE6.tmp\blowfish_d.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\xp profesional\Local Settings\Temp\nsnB7.tmp\blowfish_d.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\xp profesional\Local Settings\Temp\nsoCB.tmp\blowfish_d.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\xp profesional\Local Settings\Temp\nsuD2.tmp\blowfish_d.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\xp profesional\Local Settings\Temp\nsyCF.tmp\blowfish_d.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\xp profesional\Local Settings\Temp\nsyD8.tmp\blowfish_d.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\2.bin\NPMYSRCH.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\2.bin\S4FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\2.bin\S4FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\2.bin\S4NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\2.bin\S4NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\2.bin\S4PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MySearch\bar\Cache\0005BC14 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Cache\001A6EC8.bmp (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Cache\001A91F0.bmp (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Cache\0096DB72 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\k.txt (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iuosmcu_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ooqkyya_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iuosmcu_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ooqkyya_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Documents and Settings\xp profesional\Start Menu\NoCreditCard.lnk (Dialer) -> Quarantined and deleted successfully.
C:\Documents and Settings\xp profesional\Favorites\Search Online.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\xp profesional\Favorites\VIP Casino.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\xp profesional\Favorites\Cheap Pharmacy Online.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\xp profesional\Favorites\SMS TRAP.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\xp profesional\Local Settings\Temp\myconfig.php (Trojan.FakeAlert) -> Quarantined and deleted successfully.
--------------------------------------------
a evo i rezultata skeniranja od pre 5 minuta
Malwarebytes' Anti-Malware 1.30
Verzija baze podataka: 1390
Windows 5.1.2600 Service Pack 3
11/13/2008 12:17:54 PM
mbam-log-2008-11-13 (12-17-54).txt
Tip skeniranja: Brzo Skeniranje
Skeniranih objekata: 48531
Proteklo vreme: 10 minute(s), 37 second(s)
Inficirani procesi u memoriji: 0
Inficirani moduli u memoriji: 0
Inficirani ključevi u registru: 0
Inficirane vrednosti u registru: 0
Inficirani podaci u registru: 0
Inficirane fascikle: 0
Inficirane datoteke: 0
Inficirani procesi u memoriji:
(Maliciozne stavke nisu detektovane)
Inficirani moduli u memoriji:
(Maliciozne stavke nisu detektovane)
Inficirani ključevi u registru:
(Maliciozne stavke nisu detektovane)
Inficirane vrednosti u registru:
(Maliciozne stavke nisu detektovane)
Inficirani podaci u registru:
(Maliciozne stavke nisu detektovane)
Inficirane fascikle:
(Maliciozne stavke nisu detektovane)
Inficirane datoteke:
(Maliciozne stavke nisu detektovane)
-----------------------------------------------
[Ovu poruku je menjao srecnica dana 13.11.2008. u 12:18 GMT+1]
ceca